aws_transfer_server endpoint_type = VPC does not allow configuring security group

aws_transfer_server endpoint_type = "VPC_ENDPOINT" is deprecated / discontinued

After May 19, 2021, you won’t be able to create a server using EndpointType=VPC_ENDPOINT in your AWS account if your account hasn’t already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your AWS account on or before February 21, 2021, you will not be affected. After this date, use EndpointType = VPC. For more information, see Discontinuing the use of VPC_ENDPOINT.

So in principle I should be using aws_transfer_server with endpoint_type = "VPC", but Terraform does NOT allow configuring the security groups when creating the aws_transfer_server resource. When creating an AWS Transfer server from the AWS console, it is actually possible to specify the security groups at creation.

So is there any workaround? So far I need to create the aws_transfer_server, look up the ID of the VPC endpoint that is created under the hood (in the AWS console), and manually edit the VPC endpoint in the AWS console to add the security group. So I am really adding the security group manually, outside Terraform. Of course I would prefer to manage the security group in Terraform as well. Is there any way?

I reported this as a feature request in "aws_transfer_server: allow security group" (Issue #19872, hashicorp/terraform-provider-aws on GitHub), but maybe somebody here has another idea on how to do it…
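
The manual workaround described in the post (find the VPC endpoint behind the Transfer server, then edit its security groups), scripted with the AWS CLI as an added example that is not part of the original post or of the Terraform provider. The function names and the `AWS_CLI` override are this example's own assumptions; the script makes the endpoint carry exactly the security groups you list.

```shell
# Added example (not from the original post). AWS_CLI is an assumption of this
# example: it lets the same functions run against a stub instead of the real CLI.
AWS_CLI="${AWS_CLI:-aws}"

# ID of the VPC endpoint that Transfer created for the server.
transfer_endpoint_id() {
  "$AWS_CLI" transfer describe-server --server-id "$1" \
    --query 'Server.EndpointDetails.VpcEndpointId' --output text
}

# Security groups currently attached to the endpoint, space separated.
endpoint_groups() {
  "$AWS_CLI" ec2 describe-vpc-endpoints --vpc-endpoint-ids "$1" \
    --query 'VpcEndpoints[0].Groups[].GroupId' --output text | tr -s '\t\n' '  '
}

# plan_changes "<current ids>" "<desired ids>" -> "add=<ids>;remove=<ids>"
plan_changes() {
  local current desired add remove g
  current=$(echo $1); desired=$(echo $2); add=""; remove=""
  for g in $desired; do
    case " $current " in *" $g "*) ;; *) add="$add $g" ;; esac
  done
  for g in $current; do
    case " $desired " in *" $g "*) ;; *) remove="$remove $g" ;; esac
  done
  echo "add=${add# };remove=${remove# }"
}

# reconcile_transfer_sgs <server-id> <sg-id>...  Makes the endpoint carry exactly
# the listed groups, which also detaches the VPC default group if it was attached.
reconcile_transfer_sgs() {
  local server vpce plan add remove
  server="$1"; shift
  [ "$#" -ge 1 ] || { echo "need at least one security group" >&2; return 2; }
  vpce=$(transfer_endpoint_id "$server") || return 1
  case "$vpce" in vpce-*) ;; *) echo "no VPC endpoint on $server" >&2; return 1 ;; esac
  plan=$(plan_changes "$(endpoint_groups "$vpce")" "$*")
  add=${plan#add=}; add=${add%%;*}; remove=${plan#*";remove="}
  [ -n "$add$remove" ] || { echo "$vpce unchanged"; return 0; }
  set -- "$AWS_CLI" ec2 modify-vpc-endpoint --vpc-endpoint-id "$vpce"
  if [ -n "$add" ]; then set -- "$@" --add-security-group-ids $add; fi
  if [ -n "$remove" ]; then set -- "$@" --remove-security-group-ids $remove; fi
  "$@" >/dev/null && echo "$vpce $plan"
}

# Run only when called with arguments: script.sh <server-id> <sg-id>...
if [ "$#" -ge 2 ]; then reconcile_transfer_sgs "$@"; fi
```

Because the change is made outside Terraform state, rerun it after any apply that recreates the server; it prints `unchanged` when the endpoint already matches.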